DEBIAN-CVE-2024-28233

JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. More precisely, in the context of JupyterHub, this XSS could achieve full access to JupyterHub API...

Return-Oriented Programming(ROP)

thunderbird:sid, firefox-esr:sid is vulnerable to Return-Oriented ProgrammingROP. The vulnerability is due to improper handling of return registers, potentially allowing attackers to execute arbitrary code by overwriting them with controlled values...

Fedora: Security Advisory (FEDORA-2024-f7745a5990)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for rubygem-yard (FEDORA-2024-3744975c4b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 38 Update: clojure-1.11.2-1.fc38

Clojure is a dynamic programming language that targets the Java Virtual Machine. It is designed to be a general-purpose language, combining the approachability and interactive development of a scripting language with an efficient and robust infrastructure for multithreaded programming. Clojure is...

[SECURITY] Fedora 40 Update: clojure-1.11.2-1.fc40

Clojure is a dynamic programming language that targets the Java Virtual Machine. It is designed to be a general-purpose language, combining the approachability and interactive development of a scripting language with an efficient and robust infrastructure for multithreaded programming. Clojure is...

Important: Red Hat Security Advisory: go-toolset-1.19-golang security update

An update for go-toolset-1.19-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

GitHub Launches AI-Powered Autofix Tool to Assist Devs in Patching Security Flaws

GitHub on Wednesday announced that it's making available a feature called code scanning autofix in public beta for all Advanced Security customers to provide targeted recommendations in an effort to avoid introducing new security issues. "Powered by GitHub Copilot and CodeQL, code scanning autofi...

[SECURITY] Fedora 38 Update: rubygem-yard-0.9.36-1.fc38

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...

CVE-2023-46841

Recent x86 CPUs offer functionality named Control-flow Enforcement Technology CET. A sub-feature of this are Shadow Stacks CET-SS. CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses...

CVE-2023-46841

Recent x86 CPUs offer functionality named Control-flow Enforcement Technology CET. A sub-feature of this are Shadow Stacks CET-SS. CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses...

CVE-2023-46841

Recent x86 CPUs offer functionality named Control-flow Enforcement Technology CET. A sub-feature of this are Shadow Stacks CET-SS. CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses...

CVE-2023-46841 x86: shadow stack vs exceptions from emulation stubs

Recent x86 CPUs offer functionality named Control-flow Enforcement Technology CET. A sub-feature of this are Shadow Stacks CET-SS. CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses...

CVE-2023-46841

CVE-2023-46841 affects the Xen hypervisor CET Shadow Stacks feature. The issue arises when CET-SS replay of certain instructions during return handling misses the shadow-stack frame removal, creating a potential local impact on availability. Documents describe Xen’s interaction with shadow stacks...

CVE-2023-46841

Recent x86 CPUs offer functionality named Control-flow Enforcement Technology CET. A sub-feature of this are Shadow Stacks CET-SS. CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses...

CVE-2023-46841 x86: shadow stack vs exceptions from emulation stubs

Recent x86 CPUs offer functionality named Control-flow Enforcement Technology CET. A sub-feature of this are Shadow Stacks CET-SS. CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses...

Cisco Nexus 3000 and 9000 Series Switches Port Channel ACL Programming (cisco-sa-nxos-po-acl-TkyePgvL)

A vulnerability exists in the access control list ACL programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. Please see the...

WordPress Plugin Coming Soon & Maintenance Mode by Colorlib Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

Improving C++

C++ guru Herb Sutter writes about how we can improve the programming language for better security. The immediate problem "is" that it’s Too Easy By Default™ to write security and safety vulnerabilities in C++ that would have been caught by stricter enforcement of known rules for type, bounds,...

PaperCut NG Security Vulnerability

PaperCut NG is a suite of next-generation printer control software from PaperCut Australia. A security vulnerability exists in PaperCut NG/MF that stems from a vulnerability that allows an attacker to expose files on the server to affected API endpoints via a payload...